Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method comprising: generating, using a processor, a first proxy and a first proxy companion paired with the first proxy; providing the first proxy to a host data processing system for installation therein; wherein the first proxy in the host data processing system and the first proxy companion communicate; detecting a proxy change event for the host data processing system; and responsive to the detecting, generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for installation therein.
A method for securing a host computer system involves creating a first proxy and a related "companion" application. The proxy is installed on the host. The proxy and companion communicate with each other. When a "proxy change event" is detected, a second proxy and its companion are created. The second proxy replaces the first proxy on the host system. This facilitates dynamic proxy updates.
2. The method of claim 1 , wherein the second proxy is structurally different from the first proxy and functionally equivalent to the first proxy.
The method described previously where a second proxy replaces a first proxy after a proxy change event occurs is further defined as the second proxy having a different internal structure or code layout than the first proxy, but performing the same functions. This structural difference provides diversity for security purposes, while maintaining identical functionality to ensure application compatibility.
3. The method of claim 2 , wherein the second proxy has a portion of program code program code that is functionally equivalent to a corresponding portion of program code in the first proxy that is located at different relative memory location than in the first proxy.
The method of generating a functionally equivalent but structurally different second proxy specifies the difference lies in the arrangement of program code. Specifically, a portion of the second proxy's code that performs the same function as a section of the first proxy's code is stored at a different memory address relative to the start of the proxy than it was in the first proxy. This provides a means to evade memory-based signature detection.
4. The method of claim 2 , wherein the second proxy uses a different communication protocol than the first proxy.
The method of generating a functionally equivalent but structurally different second proxy specifies the difference lies in the communication protocol it uses to interact with its companion. The first proxy uses one protocol, while the second proxy uses a different protocol to communicate with its corresponding companion. This provides a means to evade network-based signature detection.
5. The method of claim 1 , further comprising: instructing the host data processing system to deactivate the first proxy.
In addition to the method where a second proxy replaces a first proxy after a proxy change event, the host data processing system is explicitly instructed to deactivate the first proxy before or during the installation of the second proxy. This prevents conflicts and ensures that only one proxy is active at a time.
6. The method of claim 1 , further comprising: receiving a health status message from the first proxy within the host data processing system; and comparing the health status message with at least one health status criterion.
The method for securing a host computer system, involving dynamic proxy replacement, also includes the proxy sending "health status" messages to its companion. The companion evaluates these messages against predefined criteria to determine the proxy's health and operational status.
7. The method of claim 6 , further comprising: allowing the first proxy companion to instruct the first proxy to cause the host data processing system to perform an operation responsive to determining that the health status message meets the at least one health criterion.
Expanding on the method of health checks, if the health status message from the proxy meets the defined health criteria, the proxy companion instructs the proxy to allow the host system to perform a specific operation. This allows actions specified by user applications if the proxy is operating correctly.
8. The method of claim 6 , wherein detecting a proxy change event comprises: determining that the health status message does not meet the at least one health criterion.
Within the health check method, a "proxy change event" (triggering the generation of a new proxy) is triggered specifically when the health status message from the first proxy fails to meet at least one of the predefined health criteria. This indicates a potential problem, triggering proxy replacement.
9. The method of claim 1 , further comprising: the first proxy companion instructing the first proxy to cause the host data processing system to perform an operation specified by a user application.
Expanding on the basic proxy/companion method, the proxy companion can instruct the proxy to trigger a specific action or operation within the host system, based on requests originating from a user application. This enables the proxy to act as a secure intermediary for user-initiated commands.
10. The method of claim 1 , further comprising: receiving identifying information for the host data processing system from the first proxy; comparing the identifying information with a list of compromised host data processing systems; and responsive to matching the identifying information with an entry in the list, implementing at least one countermeasure.
The security method is enhanced by the proxy sending identifying information about the host system to the proxy companion. The companion compares this information against a list of known compromised systems. If a match is found, a countermeasure is activated to protect the system.
11. The method of claim 10 , wherein implementing the at least one countermeasure comprises: increasing a frequency of health check messages between the first proxy and the first proxy companion.
When the proxy companion identifies the host as potentially compromised, based on the identifying information sent by the proxy, one countermeasure involves increasing the frequency of health check messages between the proxy and its companion. This allows for more rapid detection of further issues.
12. The method of claim 10 , wherein implementing the at least one countermeasure comprises: increasing a complexity of content of health check messages between the first proxy and the first proxy companion.
When the proxy companion identifies the host as potentially compromised, based on the identifying information sent by the proxy, one countermeasure involves increasing the complexity of the health check messages between the proxy and its companion. This may involve more detailed status information or additional security checks.
13. The method of claim 10 , wherein implementing the at least one countermeasure comprises: decreasing allowed time between for receipt of a health check message from the proxy.
When the proxy companion identifies the host as potentially compromised, based on the identifying information sent by the proxy, one countermeasure involves decreasing the allowed time between the proxy companion sending a health check request and receiving the response from the proxy. This provides more immediate notification of any issues.
14. The method of claim 1 , wherein: the proxy comprises a proxy framework and a core module; and generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for installation therein further comprises: generating a new core module; providing the new core module to the host; unlinking and unloading the core module; and loading and linking the new core module.
In this method, the proxy consists of a "proxy framework" and a "core module". To generate and install the second proxy, a new core module is created. The old core module is unlinked and unloaded from the host, and the new core module is then loaded and linked. The proxy framework remains constant; only the core module is updated.
15. The method of claim 14 , wherein generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for installation therein further comprises: discontinuing data transfer between the proxy companion and the proxy and between the proxy and a peripheral device of the host data processing system until the new core module is loaded and linked; storing intermediate data from the core module within the core framework; and restoring the intermediate data to the new core module responsive to loading and linking the new core module.
During the core module replacement process, data transfer between the proxy companion and the proxy, and between the proxy and any peripheral devices attached to the host, is temporarily stopped. Any intermediate data from the old core module is stored within the proxy framework. Once the new core module is loaded, this intermediate data is restored to it, ensuring no data loss during the update. This process also includes stopping data transfer between the proxy and a remote data processing system.
16. The method of claim 15 , further comprising: discontinuing data transfer between the proxy and a remote data processing system.
During the core module replacement process described in the previous claim, data transfer is discontinued between the proxy and a remote data processing system as part of the steps taken to prevent data loss and corruption.
17. A system comprising: a memory; a processor coupled to the memory; an input/output device coupled to the processor; wherein the processor is programmed to initiate executable operations comprising: generating a first proxy and a first proxy companion paired with the first proxy; providing the first proxy to a host data processing system for installation therein using the input/output device; wherein the first proxy in the host data processing system and the first proxy companion communicate; detecting a proxy change event for the host data processing system; and responsive to the detecting, generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for installation therein using the input/output device.
A computer system comprises a processor, memory, and input/output devices. The processor is programmed to create a first proxy and a related "companion" application. The proxy is installed on the host via the input/output device. The proxy and companion communicate. When a "proxy change event" is detected, a second proxy and its companion are created and the second proxy replaces the first proxy on the host via the input/output device. This facilitates dynamic proxy updates.
18. The system of claim 17 , wherein the second proxy is structurally different from the first proxy and functionally equivalent to the first proxy.
The computer system described where a second proxy replaces a first proxy after a proxy change event occurs is further defined as the second proxy having a different internal structure or code layout than the first proxy, but performing the same functions. This structural difference provides diversity for security purposes, while maintaining identical functionality to ensure application compatibility.
19. A computer program product comprising a computer readable storage medium having program code stored thereon, the program code executable by a processor to perform a method comprising: generating, using the processor, a first proxy and a first proxy companion paired with the first proxy; providing, using the processor, the first proxy to a host data processing system for installation therein; wherein the first proxy in the host data processing system and the first proxy companion communicate; detecting, using the processor, a proxy change event for the host data processing system; and responsive to the detecting, generating, using the processor, a second proxy and a second proxy companion paired with the second proxy and providing, using the processor, the second proxy to the host data processing system for installation therein.
A computer program product stored on a computer-readable medium contains code that, when executed, causes a processor to create a first proxy and a related "companion" application. The proxy is installed on the host. The proxy and companion communicate. When a "proxy change event" is detected, a second proxy and its companion are created and the second proxy replaces the first proxy on the host. This facilitates dynamic proxy updates.
20. The computer program product of claim 19 , wherein the second proxy is structurally different from the first proxy and functionally equivalent to the first proxy.
The computer program product described where a second proxy replaces a first proxy after a proxy change event occurs is further defined as the second proxy having a different internal structure or code layout than the first proxy, but performing the same functions. This structural difference provides diversity for security purposes, while maintaining identical functionality to ensure application compatibility.
Unknown
November 14, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.